1. Field of the Invention
This invention pertains in general to network security and in particular to prioritizing vulnerabilities detected on the network.
2. Description of the Related Art
Computer security is a constant concern. An enterprise network, such as a network operated by a business, school, or government agency, is under continuous threat of attack. Malicious entities frequently attempt to compromise the network and perform malicious tasks such as obtaining confidential information, destroying data, and taking control of networked computers for use in subsequent attacks. The entities launch their attacks from a variety of locations. Some attacks come from the Internet or other public networks to which the enterprise network is connected. Other attacks come from within the enterprise network itself.
A network administrator is tasked with maintaining security on the enterprise network. There are a variety of tools and techniques that the administrator can use to secure the network. For example, the administrator can use a firewall to restrict access to the enterprise network. Likewise, the administrator can use network scanning tools to profile the hosts on the enterprise network and identify known vulnerabilities that are present. The administrator can review the list of vulnerabilities, and then remediate them by patching the affected hosts, reconfiguring the firewall, or taking other steps.
A problem with existing network scanning tools is that they often report an extremely large list of vulnerabilities. A large enterprise network might contain thousands of network hosts, and each host is likely to have multiple potential vulnerabilities. The existing network scanning tools can prioritize the vulnerabilities in order to allow the administrator to identify and remedy the critical ones. However, even then, there might be too many critical vulnerabilities for the administrator to address effectively. Further, sometimes the scanning tools prioritize incorrectly. For example, a tool might prioritize a vulnerability as “critical” even though it is located behind a firewall that prevents it from being accessed. Therefore, there is a need in the art for a way to more effectively prioritize vulnerabilities detected on an enterprise network.